Attack Simulation Lab

Real-world scenarios. Real-time responses.

Simulation #1: SSH Brute Force Attack

Sample Logs:

May 18 04:21:17 server sshd[1924]: Failed password for invalid user admin from 203.0.113.42 port 42412 ssh2
May 18 04:21:19 server sshd[1924]: Failed password for invalid user test from 203.0.113.42 port 42413 ssh2
May 18 04:21:21 server sshd[1924]: Failed password for invalid user root from 203.0.113.42 port 42414 ssh2
May 18 04:21:23 server sshd[1924]: Failed password for invalid user guest from 203.0.113.42 port 42415 ssh2
May 18 04:21:25 server sshd[1924]: Failed password for invalid user oracle from 203.0.113.42 port 42416 ssh2
    

Challenge:

Analyze the logs and extract the flag hidden in the pattern of failed attempts. Hint: count how many unique usernames were tried before blocking.

Hint:

  • There are 5 attempts from the same IP.
  • The flag format is Flag{SSH_Brute_<number>}.
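The analysis the challenge asks for, written as detection logic over the sample lines above (an added example, not part of the original lab). The function names, the 3-username threshold and the 60-second window are assumptions chosen for illustration, and the window is measured as the total span of attempts per IP rather than a sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the five lines from the Sample Logs section.
SAMPLE_LOG = """\
May 18 04:21:17 server sshd[1924]: Failed password for invalid user admin from 203.0.113.42 port 42412 ssh2
May 18 04:21:19 server sshd[1924]: Failed password for invalid user test from 203.0.113.42 port 42413 ssh2
May 18 04:21:21 server sshd[1924]: Failed password for invalid user root from 203.0.113.42 port 42414 ssh2
May 18 04:21:23 server sshd[1924]: Failed password for invalid user guest from 203.0.113.42 port 42415 ssh2
May 18 04:21:25 server sshd[1924]: Failed password for invalid user oracle from 203.0.113.42 port 42416 ssh2
"""

# sshd writes "Failed password for [invalid user ]<name> from <ip> port <n> ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Group failed SSH logins by source IP: attempt count, usernames, times."""
    by_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed-password line
        entry = by_ip[m["ip"]]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        # syslog timestamps carry no year; 2000 is a placeholder, only deltas matter
        entry["times"].append(datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
    return by_ip

def brute_force_sources(log_text, min_users=3, window_seconds=60):
    """Return {ip: unique_username_count} for IPs that tried many names quickly."""
    hits = {}
    for ip, e in summarize_failures(log_text).items():
        span = (max(e["times"]) - min(e["times"])).total_seconds()
        if len(e["users"]) >= min_users and span <= window_seconds:
            hits[ip] = len(e["users"])
    return hits

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} unique usernames tried")
```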

Simulation #2: Phishing Email Analysis

Email with suspicious attachment and spoofed sender...

Simulation #3: DNS Exfiltration

Large volumes of DNS queries with suspicious patterns...
